package com.tenbent.product.base.config.security.rest;

import com.tenbent.product.center.user.service.UserService;
import com.tenbent.product.center.user.service.impl.UserServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.token.TokenStore;

/**
 * 授权服务器配置
 *
 * 注册了一个客户端，也就只有此客户端才能获取token
 *
 * clientId = my-trusted-client, secret = secret
 *
 * @author Randy
 *
 *         Created by ThinkPad on 2017/6/19.
 */
@Configuration
@EnableAuthorizationServer
@Import({ OAuth2SecurityConfiguration.class })
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

	private static String REALM = "MY_OAUTH_REALM";

	@Autowired
	private TokenStore tokenStore;

	@Autowired
	private UserApprovalHandler userApprovalHandler;

	@Autowired
	@Qualifier("authenticationManagerBean")
	private AuthenticationManager authenticationManager;

	@Autowired
	private ClientDetailsService clientDetailsService;

	@Bean
	public UserService userDetailsService() {
		return new UserServiceImpl();
	}

	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

		// clients.inMemory()
		// .withClient("my-trusted-client")
		// .authorizedGrantTypes("password", "authorization_code",
		// "refresh_token", "implicit")
		// .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
		// .scopes("read", "write", "trust")
		// .secret("secret")
		// // Access token is only valid for 2 minutes.
		// .accessTokenValiditySeconds(120)
		// // Refresh token is only valid for 10 minutes.
		// .refreshTokenValiditySeconds(600);

		clients.withClientDetails(clientDetailsService);

	}

	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		endpoints.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler)
				.authenticationManager(authenticationManager).userDetailsService(userDetailsService());

		// endpoints.tokenStore(tokenStore);
		// endpoints.userDetailsService(userService);
		// endpoints.authenticationManager(authenticationManager).approvalStoreDisabled();

	}

	@Override
	public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		oauthServer.realm(REALM + "/client");
	}
}
